The AWS Web Application Firewall operates up to the application layer (layer 7). You can use
AWS WAF to create custom rules that block common attack patterns, such as SQL injection or
cross-site scripting, and rules that are designed for your specific application